This article discusses basic security information for a wireless PC and home network. If you connect to your office network with your wireless PC, then you should also implement security settings obtained from your System Administrator. If you connect to a public network, security is even more important because public networks do not usually use any encryption for authentication and data transfer.
What all users of wireless technology need to know is how data is transferred when using Wireless and Bluetooth technology. Data does not go through wires, where it is relatively safe from eavesdropping, but through the airwaves, where it is available to anyone with the proper equipment unless that data is protected in some way.
Configuring Your Wireless PC and Network
Using Automatic Wireless Network Configuration in Windows XP SP2 will get your wireless device and network set up quickly and easily. This Windows wizard will set your device up so that it is able to move around seamlessly, without the connection settings having to be reconfigured. During setup with the wizard, Windows will automatically provide you with a list of available wireless networks within your signal range to connect to. Some of those networks may be your neighbours’ wireless PCs or other networks that are not properly secured. An easy way of setting up a network is to save the settings from one PC to a USB flash drive, then plug the flash drive into each of the other PCs to transfer identical settings. Having identical settings on each PC allows them to connect to each other.
The Three Types of Access Used in Wireless Communication:
- Access Point Connection: The access point is like a bridge to connect wireless PCs to the network. For example, a router or hub is an access point. Another example occurs in a business environment: when the wireless PC is moved throughout the building, it connects to new access points as the previous access point’s signal becomes weaker. All wireless devices must have an access point or transmitter that contains an antenna on one side to send and receive data, and a wire to connect it to a wired connection such as an ethernet card, DSL line, cable or dial-up modem. A wireless router acts as an access point in most home configurations. (Occasionally a wireless station is used instead of an access point to connect wireless with wired.)
- Computer to Computer: The wireless computer or device can connect to other wireless computers or devices directly, forming a temporary network. Locking down your wireless PC is necessary to prevent unwanted connections, while allowing connections you want.
- Any Available Network: Your wireless PC automatically attempts connections to a network in the following order:
  - It looks for an Access Point to connect to. If none is found,
  - it looks for another computer to connect to, using Computer To Computer technology, and last, if no other connections have been found,
  - it will connect to Any Available Network that it finds within its signal area. This is the type of connection that you must protect yourself from, to prevent unwanted connections from anyone within your signal area.
Standards For Authentication In Wireless Communications
Standards are built into every wireless device, allowing a variety of wireless devices to connect to each other while verifying (authenticating) that the device attempting connection is authorized to do so. Each standard has a specific set of security features that can be implemented to protect wireless communication. The original standard was the IEEE 802.11 Authentication Standard. A newer standard is IEEE 802.1x, with improved security used during Authentication and data transfer between devices. Also added to the IEEE 802.1x standard is EAP (External Authentication Protocol), which allows the use of smart cards and certificates for authentication. The newest Authentication standard, IEEE 802.11i, improves security, ease of use and speed of data transmission. Besides Authentication, the standards control the type of encryption that can be used. Encryption (scrambling of data to make it unreadable) is used to protect any data transmitted to and from your wireless computer or wireless network. The level of encryption depends on the standard used by your network adapter.
Types Of Encryption For A Secure Wireless Network
There are several different types of protection for any wireless device or computer. However, they are all dependent on the type of Wireless Network Adapter that your PC uses for wireless communication. Each type can be implemented to prevent unwanted and unauthorized connection to your PC, as long as your Wireless Network Adapter supports it. Some manufacturers of these adapters have produced a firmware (built-in software for your adapter) upgrade that can be downloaded and installed to support a higher level of security. They also have information on their websites about what types of security (WEP, WPA, WPA2 etc.) are supported by your adapter.
The 802.11 standard provides encryption (security) and authentication using WEP.
WEP or "Wired Equivalent Privacy" comes in two forms: the oldest, called "Static WEP", and the newer version (which is still old), "Dynamic WEP". Static WEP requires every user to type in the long hexadecimal Key to access the network, and as it is the same key for everyone, it is easier for an attacker to get into the network. Dynamic WEP ties the Keys to the network logon and network session so that the key is issued per user and per session, increasing the security of WEP. In WEP, a Key is not mandatory: during automatic configuration, you must specify that a Key is used to verify any connections to the network. When you specify that an encryption key be used for WEP, you are either provided automatically with a static key (usually on the adapter) or you are able to specify your own Key, which will be needed by any PC connecting to your wireless network. You will also be able to assign an encryption Key that will encrypt your data as it travels over the network. A Key is most secure when it is a long alphanumeric string, and it becomes more secure as it increases in length. With static WEP, however, the keys are not changed automatically, as they are in the newer WPA, making it much easier for a hacker to get into your computer and/or network. WEP is now the most insecure of the three types of encryption currently available, as it is the oldest.
The 802.1x standard provides encryption (security) and authentication using WEP or WPA.
WPA or "Wi-Fi Protected Access" may be supported by the adapter in your wireless PC, depending on the type of adapter you have. In WPA the encryption is stronger than WEP and can check any incoming encrypted data to make sure it is valid. The network Keys for each computer and device attached to the network automatically change and authenticate regularly, providing more security than either static or dynamic WEP. WPA can also make use of pre-shared keys, known as WPA-PSK, meaning that both the computer you are logging into and your computer have the same alphanumeric key built in, allowing for mutual verification without sending the key over the airwaves. WPA also supports ethernet cable connections, which allows you to connect to a wired network or PC. EAP (External Authentication Protocol) is also available with WPA, allowing the use of smart cards and certificates for authentication. Most Network Adapters made before 2003 won’t support this technology without a firmware upgrade from the manufacturer.
WPA2 or "Wi-Fi Protected Access, 2nd generation" is the latest wireless encryption available and uses the same encryption technology as the government, called Advanced Encryption Standard (AES). WPA2 is unlikely to be supported by any older Wireless Network Adapters even with a firmware upgrade. New hardware will probably be needed to use this newest level of encryption.
Differences between WEP and WPA are as follows:
- Authentication is optional when using static WEP. It is required when using WPA.
- Static WEP also makes encryption of information optional. WPA builds it in and makes it mandatory.
- The 802.11b standard uses Dynamic WEP, which is better than Static WEP as it assigns a Key for each specific user, for each different session, thereby improving security over static WEP. The encryption key used in Dynamic WEP can also be set up to change frequently.
- WPA can use pre-shared Keys for everyone on the network, known as WPA-PSK, which allows authentication without sending the Keys over the airwaves. This form of security is excellent for home use.
- WPA can also use RADIUS (Remote Authentication Dial-In User Service) for verifying that the computers attempting connection are authorized to do so. (This feature is more likely to be used in a business environment than in a home.) WEP does not have this feature.
- WEP assigns or lets you create the Keys to authenticate and encrypt; however, in static WEP these Keys do not change automatically, allowing hackers to take as much time as they want to discover your keys and get into your system. If you must use WEP, then make sure it is Dynamic WEP.
- WPA automatically changes, then authenticates, the Keys at a pre-set interval, providing excellent security. With WPA, even if a hacker found your key, by the time they used it, the key would have changed to a new key. This feature is called TKIP (Temporal Key Integrity Protocol).
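The following is an added example, not part of the original article. It shows how a WPA pre-shared key lets your PC and the access point verify each other without sending the key over the airwaves, and how every connection ends up with a fresh session key. The network name "HomeNet", the addresses, the passphrases and the "msg2"/"msg3" message bodies are constructed stand-ins for the real handshake frames, and the function names are illustrative.

```python
import hashlib
import hmac
import os

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK: stretch passphrase + network name into the 256-bit shared key."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_session_key(psk, ap_mac, pc_mac, ap_nonce, pc_nonce) -> bytes:
    """802.11i PRF-512: mix the shared key with both addresses and both nonces."""
    seed = (min(ap_mac, pc_mac) + max(ap_mac, pc_mac)
            + min(ap_nonce, pc_nonce) + max(ap_nonce, pc_nonce))
    label = b"Pairwise key expansion\x00"
    blocks = [hmac.new(psk, label + seed + bytes([i]), hashlib.sha1).digest()
              for i in range(4)]
    return b"".join(blocks)[:64]

def mic(session_key: bytes, frame: bytes) -> bytes:
    """Keyed integrity code (HMAC-SHA1 form); this goes over the air, the key does not."""
    return hmac.new(session_key[:16], frame, hashlib.sha1).digest()[:16]

def handshake(ap_passphrase: str, pc_passphrase: str, ssid: str = "HomeNet"):
    """Simplified exchange; returns (accepted, session_key, bytes_sent_over_air)."""
    ap_mac, pc_mac = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
    ap_nonce, pc_nonce = os.urandom(32), os.urandom(32)  # fresh for every connection
    # Message 1 (access point -> PC): the access point's nonce. The PC derives its key.
    pc_key = derive_session_key(derive_psk(pc_passphrase, ssid),
                                ap_mac, pc_mac, ap_nonce, pc_nonce)
    # Message 2 (PC -> access point): the PC's nonce plus a MIC proving it knows the key.
    msg2 = b"msg2" + pc_nonce
    msg2_mic = mic(pc_key, msg2)
    # The access point derives the key from ITS passphrase and checks the PC's MIC.
    ap_key = derive_session_key(derive_psk(ap_passphrase, ssid),
                                ap_mac, pc_mac, ap_nonce, pc_nonce)
    ap_trusts_pc = hmac.compare_digest(mic(ap_key, msg2), msg2_mic)
    # Message 3 (access point -> PC): a MIC in the other direction, checked by the PC.
    msg3 = b"msg3" + ap_nonce
    msg3_mic = mic(ap_key, msg3)
    pc_trusts_ap = hmac.compare_digest(mic(pc_key, msg3), msg3_mic)
    on_air = ap_nonce + msg2 + msg2_mic + msg3 + msg3_mic
    return ap_trusts_pc and pc_trusts_ap, ap_key, on_air

if __name__ == "__main__":
    print(handshake("correct horse battery", "correct horse battery")[0])
    print(handshake("correct horse battery", "wrong passphrase!")[0])
```

Because the network name is mixed into the key, the same passphrase on a differently named network produces a different key.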
Continued: http://msmvps.com/blogs/dgosling/articles/Why_Do_I_Need_To_Secure_My_Wireless_Device.aspx
Posted Feb 01 2007, 10:37 PM by Dorothy Gosling